PCI Failing: vulnerable BIND version: 9.8.2rc1

ehask71

• March 17, 2017 11:08

My PCI scans are failing sending a changelog was rejected by controlscan. How can I update bind to get this done? its costing me $29 a month PCI non compliance fee

• 

  cPanelMichael

  • March 17, 2017 18:26

  Hello, Bind is provided upstream by CentOS, and isn't handled through the cPanel software. You may want to contact them again to have them explain why the backported patches offered by CentOS are not sufficient. You can find a similar thread here: ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088) Thank you.

  0
• 

  ehask71

  • March 17, 2017 21:05

  Yeah I provided changelog showing it patched this year and a snippet from redhat saying they don't plan on fixing it as they felt it didn't apply ...... They rejected it. It's the only thing stopping us

  0
• 

  cPanelMichael

  • March 17, 2017 21:09

  Hello, I recommend reaching out to their support team again for a second opinion and asking clarification on the specific reason they are not accepting the backported patches. Thank you.

  0

Please sign in to leave a comment.